improve basic authentication parsing for OIDCOAuthAcceptTokenAs basic
Signed-off-by: Hans Zandbelt <[email protected]>
zandbelt committed Sep 9, 2024
1 parent f7beb71 commit 94f832f
Showing 2 changed files with 6 additions and 4 deletions.
1 change: 1 addition & 0 deletions ChangeLog
@@ -1,6 +1,7 @@
09/09/2024
- fix accepting custom cookie names in OIDCOAuthAcceptTokenAs cookie:<name>; see #1261; thanks @bbartke
- bump to 2.4.16.4rc0
- improve basic authentication parsing when using OIDCOAuthAcceptTokenAs basic

09/06/2024
- allow overriding globally set OIDCCacheType back to shm in vhosts
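--- a/src/oauth.c
+++ b/src/oauth.c
@@ -210,10 +210,10 @@ apr_byte_t oidc_oauth_get_bearer_token(request_rec *r, const char **access_token
 oidc_debug(r, "authorization header found");
 
 apr_byte_t known_scheme = 0;
+char *scheme = ap_getword(r->pool, &auth_line, OIDC_CHAR_SPACE);
 
 /* look for the Bearer keyword */
-if ((_oidc_strnatcasecmp(ap_getword(r->pool, &auth_line, OIDC_CHAR_SPACE), OIDC_PROTO_BEARER) ==
-0) &&
+if ((_oidc_strnatcasecmp(scheme, OIDC_PROTO_BEARER) == 0) &&
 (accept_token_in & OIDC_OAUTH_ACCEPT_TOKEN_IN_HEADER)) {
 
 /* skip any spaces after the Bearer keyword */
@@ -226,7 +226,8 @@ apr_byte_t oidc_oauth_get_bearer_token(request_rec *r, const char **access_token
 
 known_scheme = 1;
 
-} else if (accept_token_in & OIDC_OAUTH_ACCEPT_TOKEN_IN_BASIC) {
+} else if ((_oidc_strnatcasecmp(scheme, OIDC_PROTO_BASIC) == 0) &&
+(accept_token_in & OIDC_OAUTH_ACCEPT_TOKEN_IN_BASIC)) {
 
 char *decoded_line;
 int decoded_len;
@@ -244,7 +245,7 @@ apr_byte_t oidc_oauth_get_bearer_token(request_rec *r, const char **access_token
 }
 
 if (known_scheme == 0) {
-oidc_warn(r, "client used unsupported authentication scheme: %s", r->uri);
+oidc_warn(r, "client used unsupported authentication scheme: %s", scheme);
 }
 }
 }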
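Review bot: The warning in the last hunk now writes `scheme` to the error log, and `scheme` is whatever `ap_getword` cut from the client's Authorization header up to the first space; when the header carries no space (a bare token or credential blob sent without a scheme word) that is the entire header value, so a secret can land in the log. Bounding the logged value keeps the diagnostic without recording a full credential, e.g. `oidc_warn(r, "client used unsupported authentication scheme: %.16s", scheme);` (this assumes oidc_warn's formatter honours a precision on `%s`, which should be confirmed). The same message is also reached when the scheme is Bearer but `OIDC_OAUTH_ACCEPT_TOKEN_IN_HEADER` is not set, where "unsupported authentication scheme" misdescribes a disabled acceptance method; a short comment above the `known_scheme == 0` check saying so would help operators reading the log. oidc_oauth_get_bearer_token starts and ends outside these hunks, so whether the Basic branch sets `known_scheme` cannot be seen here.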